Self Signed SSL Certificate Generator

About

Origin: https://github.com/paulczar/omgwtfssl

Sick of googling every time you need a self signed certificate?

This is a small docker image based off alpine linux which makes creating self signed SSL certs easier:

$ docker run -v /tmp/certs:/certs stakater/ssl-certs-generator:1.0
----------------------------
| SSL Cert Generator |
----------------------------

--> Certificate Authority
====> Generating new CA key ca-key.pem
Generating RSA private key, 2048 bit long modulus
..................................+++
..................................+++
e is 65537 (0x10001)
====> Generating new CA Certificate ca.pem
====> Generating new config file openssl.cnf
====> Generating new SSL KEY key.pem
Generating RSA private key, 2048 bit long modulus
....................................................................+++
........................+++
e is 65537 (0x10001)
====> Generating new SSL CSR key.csr
====> Generating new SSL CERT cert.pem
Signature ok
subject=/CN=test
Getting CA Private Key

$ ls /tmp/certs 
ca-key.pem  ca.pem  ca.srl  cert.pem  key.csr  key.pem  openssl.cnf

$ openssl verify -CAfile /tmp/certs/ca.pem /tmp/certs/cert.pem 
/tmp/certs/cert.pem: OK

Advanced Usage

Customize the certs using the following Environment Variables:

CA_KEY CA Key file, default ca-key.pem [1]
CA_CERT CA Certificate file, default ca.pem [1]
CA_SUBJECT CA Subject, default test-ca
CA_EXPIRE CA Expiry, default 60 days
SSL_CONFIG SSL Config, default openssl.cnf [1]
SSL_KEY SSL Key file, default key.pem
SSL_CSR SSL Cert Request file, default key.csr
SSL_CERT SSL Cert file, default cert.pem
SSL_SIZE SSL Cert size, default 2048 bits
SSL_EXPIRE SSL Cert expiry, default 60 days
SSL_SUBJECT SSL Subject default example.com
SSL_DNS comma seperate list of alternative hostnames, no default [2]
SSL_IP comma seperate list of alternative IPs, no default [2]

[1] If file already exists will re-use. [2] If SSL_DNS or SSL_IP is set will add SSL_SUBJECT to alternative hostname list

Examples

Create Certificates for NGINX

Creating web certs for testing SSL just got a hell of a lot easier...

Create Certificate:

$ docker run -v /tmp/certs:/certs \
  -e SSL_SUBJECT=test.example.com   stakater/ssl-certs-generator:1.0

Enable SSL in /etc/nginx/sites-enabled/default:

server {
        listen 443;
        server_name test.example.com;
        root html;
        index index.html index.htm;
        ssl on;
        ssl_certificate /tmp/certs/cert.pem;
        ssl_certificate_key /tmp/certs/key.pem;
        ssl_session_timeout 5m;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        location / {
                try_files $uri $uri/ =404;
        }
}

Restart NGINX and test:

$ service nginx restart
$ echo '127.0.2.1       test.example.com' >> /etc/hosts
$ curl --cacert /tmp/certs/ca.pem https://test.example.com
<!DOCTYPE html>
<html>
<head>
...

Create keys for docker registry

Slightly more interesting example of using stakater/ssl-certs-generator as a volume container to build and host SSL certs for the Docker Registry image

Create the volume container for the registry from stakater/ssl-certs-generator:

$ docker run \
  --name certs \
  -e SSL_SUBJECT=test.example.com \
  stakater/ssl-certs-generator
----------------------------
| SSL Cert Generator |
----------------------------

--> Certificate Authority
====> Generating new CA key ca-key.pem
Generating RSA private key, 2048 bit long modulus
..........+++
.......................................................+++
e is 65537 (0x10001)
====> Generating new CA Certificate ca.pem
====> Generating new config file openssl.cnf
====> Generating new SSL KEY key.pem
Generating RSA private key, 2048 bit long modulus
........................................................................................................................................................+++
...+++
e is 65537 (0x10001)
====> Generating new SSL CSR key.csr
====> Generating new SSL CERT cert.pem
Signature ok
subject=/CN=test.example.com
Getting CA Private Key

Run the registry using --volumes-from to use the volume container created above:

$ docker run -d \
    --name registry \
    --volumes-from certs \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert.pem \
    -e REGISTRY_HTTP_TLS_KEY=/certs/key.pem \
    -p 5000:5000 \
    registry:2

Make sure it works:

$ echo "127.0.2.1       test.example.com" >> /etc/hosts
$ docker tag paulczar/omgwtfssl test.example.com:5000/omgwtfbbq
$ docker push test.example.com:5000/omgwtfbbq
The push refers to a repository [test.example.com:5000/omgwtfbbq] (len: 1)
e34964fe7cfa: Pushed 
d52b82eb9ff3: Pushed 
6b030e7d76a6: Pushed 
8a648f689ddb: Pushed 
latest: digest: sha256:8a97202b0ad9b375ff478d84ed948ae7ddd298196fd3b341fc8391a0fe71345a size: 7617

stakater / dockerfile-ssl-certs-generator Goto Github PK

dockerfile-ssl-certs-generator's Introduction

Self Signed SSL Certificate Generator

About

Advanced Usage

Examples

Create Certificates for NGINX

Create keys for docker registry

dockerfile-ssl-certs-generator's People

Contributors

Stargazers

Watchers

Forkers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent